[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 11 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66c61060 by security tracker role at 2022-11-11T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-45146
+ RESERVED
+CVE-2022-45145
+ RESERVED
+CVE-2022-45144
+ RESERVED
+CVE-2022-3941
+ RESERVED
+CVE-2022-3940
+ RESERVED
+CVE-2022-3939
+ RESERVED
+CVE-2022-3938
+ RESERVED
+CVE-2022-3937
+ RESERVED
+CVE-2022-3936
+ RESERVED
+CVE-2022-3935
+ RESERVED
+CVE-2022-3934
+ RESERVED
+CVE-2022-3933
+ RESERVED
CVE-2022-45143
RESERVED
CVE-2022-45142
@@ -290,21 +314,27 @@ CVE-2022-3891
CVE-2022-45045
RESERVED
CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3889 (Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3888 (Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 a ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3887 (Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3886 (Use after free in Speech Recognition in Google Chrome prior to 107.0.5 ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
+ {DSA-5275-1}
- chromium 107.0.5304.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3884
@@ -6187,8 +6217,8 @@ CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby
- rails <unfixed>
NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
NOTE: https://github.com/rails/rails/issues/46244
-CVE-2022-3703
- RESERVED
+CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
+ TODO: check
CVE-2022-3702
RESERVED
CVE-2022-3701
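Review bot: the new CVE-2022-3703 entry carries the same truncated description ("All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...") as CVE-2022-41607 and CVE-2022-40981 further down in this diff, so the three `TODO: check` items should be triaged together and given the same resolution rather than being resolved one at a time.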
@@ -6406,8 +6436,8 @@ CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by o
NOTE: https://github.com/libexpat/libexpat/pull/650
NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0)
NOTE: Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0)
-CVE-2022-43679
- RESERVED
+CVE-2022-43679 (The Docker image of ownCloud Server through 10.11 contains a misconfig ...)
+ TODO: check
CVE-2022-43678
RESERVED
CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP ...)
@@ -6924,8 +6954,8 @@ CVE-2022-42462
RESERVED
CVE-2022-42461
RESERVED
-CVE-2022-42460
- RESERVED
+CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
+ TODO: check
CVE-2022-42459
RESERVED
CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...)
@@ -8012,8 +8042,8 @@ CVE-2022-43076 (A cross-site scripting (XSS) vulnerability in /admin/edit-admin.
NOT-FOR-US: Web-Based Student Clearance System
CVE-2022-43075
RESERVED
-CVE-2022-43074
- RESERVED
+CVE-2022-43074 (AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulne ...)
+ TODO: check
CVE-2022-43073
RESERVED
CVE-2022-43072
@@ -11064,8 +11094,8 @@ CVE-2022-41894
RESERVED
CVE-2022-41893
RESERVED
-CVE-2022-41892
- RESERVED
+CVE-2022-41892 (Arches is a web platform for creating, managing, & visualizing geo ...)
+ TODO: check
CVE-2022-41891
RESERVED
CVE-2022-41890
@@ -11090,20 +11120,20 @@ CVE-2022-41881
RESERVED
CVE-2022-41880
RESERVED
-CVE-2022-41879
- RESERVED
-CVE-2022-41878
- RESERVED
+CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2022-41877
RESERVED
-CVE-2022-41876
- RESERVED
+CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
+ TODO: check
CVE-2022-41875
RESERVED
CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
-CVE-2022-41873
- RESERVED
+CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
CVE-2022-41872
RESERVED
CVE-2022-41871
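Review bot: CVE-2022-41879 and CVE-2022-41878 are both Parse Server issues, and the existing CVE-2022-39396 entry later in this diff is already tagged `NOT-FOR-US: Node parse-server`; unless a Debian package has picked up parse-server since, the two new `TODO: check` lines should get that same tag so the three entries stay consistent. The Contiki-NG and ezplatform-graphql entries in the same hunk still need the source package list checked before a tag is chosen.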
@@ -11362,14 +11392,14 @@ CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartp
NOT-FOR-US: AliveCor
CVE-2022-41613
RESERVED
-CVE-2022-41607
- RESERVED
+CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
+ TODO: check
CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
-CVE-2022-40981
- RESERVED
+CVE-2022-40981 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
+ TODO: check
CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
@@ -11538,8 +11568,8 @@ CVE-2022-41721
RESERVED
CVE-2022-41720
RESERVED
-CVE-2022-41719
- RESERVED
+CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
+ TODO: check
CVE-2022-41718
RESERVED
CVE-2022-41717
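Review bot: the description of CVE-2022-41719 names no project, only that `Unmarshal can panic on some inputs`, so this `TODO: check` cannot be mapped to a source package from the visible line alone; whoever picks it up needs the full advisory to identify the library before deciding between a package line and a NOT-FOR-US tag.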
@@ -15229,7 +15259,7 @@ CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panel
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-40225
- RESERVED
+ REJECTED
CVE-2022-40200
RESERVED
CVE-2022-40198
@@ -17128,20 +17158,20 @@ CVE-2022-39396 (Parse Server is an open source backend that can be deployed to a
NOT-FOR-US: Node parse-server
CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
TODO: check
-CVE-2022-39394
- RESERVED
-CVE-2022-39393
- RESERVED
-CVE-2022-39392
- RESERVED
+CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
+ TODO: check
+CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
+ TODO: check
+CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
+ TODO: check
CVE-2022-39391
RESERVED
CVE-2022-39390
REJECTED
CVE-2022-39389
RESERVED
-CVE-2022-39388
- RESERVED
+CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
NOT-FOR-US: XWiki
CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
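Review bot: the three Wasmtime entries (CVE-2022-39394, CVE-2022-39393, CVE-2022-39392) share a description cut off at `Prior to version 2.0 ...`, so the fixed version is not visible here; resolve them as a group from the full advisories so they end up with the same tag or package line, and check CVE-2022-39388 (Istio) against the source package list the same way the neighbouring XWiki entry was before assigning `NOT-FOR-US`.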
@@ -20993,17 +21023,20 @@ CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatab
NOT-FOR-US: Keysight Sensor Management Server
CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
NOT-FOR-US: Keysight Sensor Management Server
-CVE-2022-38128 (An infinite loop may be triggered in display_debug_abbrev() function i ...)
+CVE-2022-38128
+ REJECTED
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29370
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff
NOTE: binutils not covered by security support
-CVE-2022-38127 (A NULL pointer dereference in the read_and_display_attr_value() functi ...)
+CVE-2022-38127
+ REJECTED
- binutils 2.38.50.20220627-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29290
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed
NOTE: binutils not covered by security support
-CVE-2022-38126 (Assertion fail in the display_debug_names() function in binutils/dwarf ...)
+CVE-2022-38126
+ REJECTED
- binutils 2.38.50.20220627-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29289
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5
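Review bot: CVE-2022-38128, CVE-2022-38127 and CVE-2022-38126 are flipped to REJECTED but each keeps its `- binutils ... (unimportant)` package line and NOTE references; for CVE-2022-38128 that leaves `binutils <unfixed>` recorded under a rejected ID. Confirm that the tracker ignores package state under REJECTED entries, or drop the package lines; the sourceware bug and commit NOTEs are still worth keeping as the record of why the ID existed.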
@@ -24157,8 +24190,8 @@ CVE-2022-36940
RESERVED
CVE-2022-36939
RESERVED
-CVE-2022-36938
- RESERVED
+CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
+ TODO: check
CVE-2022-36937
RESERVED
CVE-2022-36936
@@ -27156,8 +27189,8 @@ CVE-2022-2397
RESERVED
CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: Simple e-Learning System
-CVE-2022-35740
- RESERVED
+CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended access ...)
+ TODO: check
CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2022-35738
@@ -46891,7 +46924,7 @@ CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before ve
CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...)
NOT-FOR-US: Zoom
CVE-2022-28748
- RESERVED
+ REJECTED
CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response (IDR) throu ...)
NOT-FOR-US: GoSecure Titan Inbox Detection & Response (IDR)
CVE-2022-28746
@@ -54836,8 +54869,8 @@ CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior t
NOT-FOR-US: Samsung
CVE-2022-26089
RESERVED
-CVE-2022-26088
- RESERVED
+CVE-2022-26088 (An issue was discovered in BMC Remedy before 22.1. Email-based Inciden ...)
+ TODO: check
CVE-2022-0761
RESERVED
CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
@@ -58046,8 +58079,8 @@ CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attac
- jspwiki <removed>
CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-24945 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
- TODO: check
+CVE-2022-24945
+ REJECTED
CVE-2022-24944
RESERVED
CVE-2022-24943
@@ -65936,7 +65969,7 @@ CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Atte
NOT-FOR-US: Schneider Electric
CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider Electric
-CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...)
+CVE-2022-22808 (A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
NOT-FOR-US: Schneider Electric
@@ -140322,7 +140355,8 @@ CVE-2021-20224 (An integer overflow issue was discovered in ImageMagick's Export
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3083
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/553054c1cb1e4e05ec86237afef76a32cd7c464d
-CVE-2021-20223 (An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize. ...)
+CVE-2021-20223
+ REJECTED
{DLA-3107-1}
- sqlite3 3.34.0-1
NOTE: https://github.com/sqlite/sqlite/commit/d1d43efa4fb0f2098c0e2c5bf2e807c58d5ec05b (version-3.34.0)
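Review bot: CVE-2021-20223 becomes REJECTED while the `{DLA-3107-1}` cross-reference and the `- sqlite3 3.34.0-1` line remain; the DLA was published against this ID, so the cross-reference should stay for the advisory record, but it is worth checking how the tracker renders a rejected ID with an advisory attached and whether the DLA needs an errata note pointing at the ID the fix is now tracked under, if one exists.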
@@ -152023,8 +152057,8 @@ CVE-2021-0187
RESERVED
CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
NOT-FOR-US: Intel
-CVE-2021-0185
- RESERVED
+CVE-2021-0185 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
+ TODO: check
CVE-2021-0184
RESERVED
CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
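Review bot: CVE-2021-0185 (Intel Server Board firmware) sits directly below CVE-2021-0186, which is already tagged `NOT-FOR-US: Intel`; unless the `TODO: check` turns up a Debian package shipping this firmware, the same tag applies and should be used for consistency.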
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66c61060252ae083065b73a0a43a86b02ff6fa05